Tech giants are working together in the development of passwordless sign-ins across all devices. Apple, Microsoft and Google made the announcement during the World Password Day on May 5. This means that users will in the near future use passwordless authentication across Android and iOS operating systems; Chrome, Edge, and Safari browsers; and the Windows and macOS desktop versions.
Just as we design our products to be intuitive and capable, we also design them to be private and secure,” said Kurt Knight, senior director of platform product marketing at Apple.
“Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe.”
According to a blog post by Google, passwordless logins allow the users to choose their mobile devices as the main authentication tool for apps, websites and other digital devices. Users can log into the services by entering a PIN, drawing a pattern or using their fingerprint to unlock, without having to enter a password. The user will be able to sign in to the services through a unique cryptographic token called a passkey between the phone and the website
Passwordless logins are designed to ensure that the process is simple and secure, without users having to cram several login details or reusing the same passwords, compromising their security in the process. Hackers will also have a harder time accessing information, as they will be required to have the device at hand to access any of the web services.
Microsoft’s Vice President for security, compliance, identity, and privacy Vasu Jakkal emphasized the need for interoperability of the feature across all platforms.
“With passkeys on your mobile device, you’re able to sign in to an app or service on nearly any device, regardless of the platform or browser the device is running,” Jakkal said in an emailed statement.
“For example, users can sign-in on a Google Chrome browser that’s running on Microsoft Windows, using a passkey on an Apple device.”
According to the Verge the cross-platform feature is enabled via the FIDO standard, which uses public key cryptography principles to provide passwordless login and multi-factor authentication in a variety of situations. When a user’s phone is unlocked, it can store a unique FIDO-compliant passkey and share it with a website for authentication. Passkeys may also be simply synchronized to a new device from cloud backup in the event that a phone is misplaced, according to Google’s website.
“This extended FIDO support being announced today will make it possible for websites to implement, for the first time, an end-to-end passwordless experience with phishing-resistant security,” said Srinivas.
“This includes both the first sign-in to a website and repeat logins. When passkey support becomes available across the industry in 2022 and 2023, we’ll finally have the internet platform for a truly passwordless future.”
Apple, Google and Microsoft said the passwordless login features could be rolled out across all their platforms sometime next year.